
I. J. Computer Network and Information Security, 2012, 8, 33-39
Published Online August 2012 in MECS (http://www.mecs-press.org/)
DOI: 10.5815/ijcnis.2012.08.04
Copyright © 2012 MECS

Distributed Encrypting File System for Linux in User-space

U. S. Rawat, Shishir Kumar
Department of Computer Science & Engineering, Jaypee University of Engineering & Technology, Guna (MP), India
[email protected], [email protected]

Abstract — Linux systems use an Encrypting File System (EFS) to provide confidentiality and integrity services to files stored on disk in a secure, efficient and transparent manner. A distributed encrypting file system should also provide support for secure remote access, multiuser file sharing, possible use by non-privileged users, portability, incremental backups etc. Existing kernel-space EFS designed at file system level provide all necessary features, but they are not portable and cannot be mounted by non-privileged users. Existing user-space EFS have performance limitations and do not provide support for file sharing. Through this paper, modifications in the design and implementation of two existing user-space EFS, for performance gain and file sharing support, have been presented. Performance gain has been achieved in both the proposed approaches using fast and modern ciphers. File sharing support in the proposed approaches has been provided with Public Key Infrastructure (PKI) integration using the GnuPG PKI module and the Linux Pluggable Authentication Module (PAM) framework. Cryptographic metadata is stored as extended attributes in the file's Access Control List (ACL) to make the file sharing task easier and seamless to the end user.

Index Terms — Encrypting File System (EFS), File System in User-space (FUSE), Network File System (NFS), Public-Key Infrastructure (PKI), Access Control List (ACL), Pluggable Authentication Module (PAM)

I. INTRODUCTION

While considering file system security, several aspects should be taken into account, such as authentication, authorization, access control, confidentiality and integrity. Linux systems provide authentication, authorization and access control services using the Pluggable Authentication Module (PAM) [1]; a policy language that defines file owner and group, along with the owner/group/world read/write/execute attributes of the file; POSIX Access Control Lists (ACLs) [2] that provide more stringent access control on a per-file basis; etc. For confidentiality and integrity services, an Encrypting File System (EFS) has to be used that provides file encryption/decryption along with integrity mechanisms, in a secure, efficient and transparent manner to the user. A distributed encrypting file system should also provide secure remote access over Network File System (NFS), file sharing among multiple users, possible use by non-privileged users, portability, incremental backups etc.

Encryption services by encrypting file systems can be placed at file system level or device layer level. In device layer systems like dmCrypt [3] and cryptsetup [4], encryption/decryption takes place at the device layer in kernel-space, using the Linux kernel device mapper infrastructure that provides a generic way to create virtual layers of block devices. These systems perform encryption with a single key on the entire block device, so file sharing is not possible among multiple users. They are also not convenient for incremental backups, cannot be mounted by non-privileged users and cannot be used remotely over NFS.

At file system level, EFS can be implemented either in user-space or in kernel-space. eCryptfs [5] is the most popular kernel-space EFS, integrated with the Linux kernel since 2.6.19. It uses the stackable file system interface approach [6] to introduce a layer of encryption that can fit over any underlying file system. eCryptfs has been implemented using File System Translator (FiST) [7], a tool that can be used to develop stackable file systems using template code. eCryptfs is more efficient than the existing user-space encrypting file systems discussed subsequently. It performs encryption on a per-file basis and provides support for file sharing among multiple users using Public Key Infrastructure (PKI) support. It also provides support for file integrity using keyed hashes. It can be used remotely on top of networked file systems. The limitations of eCryptfs are that it cannot be ported across different platforms and does not provide any options for non-privileged users to mount a file system.

Existing user-space EFS like CFS [8] and EncFS [9] are implemented using the NFS approach and File System in User-space (FUSE) [10] respectively. CFS is implemented entirely in user-space as a modified NFS server. A user-space daemon, cfsd, acts as a pseudo-NFS server, and the NFS client in the kernel makes RPC calls to the daemon. The CFS daemon performs transparent encryption/decryption of file contents during write and read operations. CFS can be mounted by any user on the system and does not require any modifications to the kernel, so it is easily portable. CFS is capable of acting as a remote NFS server, so it can be accessed remotely without requiring an additional NFS mount. The limitation of CFS is its poor performance due to frequent context switches and data copies between user-space and kernel-space. Also, it uses the DES algorithm for file encryption/decryption, which further degrades its performance.

EncFS [9] is another popular user-space EFS for Linux, written using the FUSE library. FUSE has been integrated into the Linux kernel tree and provides a good way to write virtual file systems. FUSE exports all file system calls within the kernel to user-space through a simple application programming interface (API) by connecting to a daemon that is running in user-space. In EncFS, this user-space daemon has been modified to perform transparent encryption and decryption of file contents during write and read system calls respectively. EncFS is portable, as FUSE has ports available for other major operating systems. EncFS also has provisions to permit non-privileged users to mount the file system. FUSE provides an efficient userspace-kernel interface, so the performance of EncFS is somewhat better than that of CFS. EncFS can be used remotely, mounted on top of NFS. It also provides support for file integrity using keyed hashes. Both CFS and EncFS perform encryption with a single key on an entire directory, so sharing of files is not possible among different users.

As mentioned above, performance, file sharing, portability and availability to non-privileged users cannot all be achieved together. Existing user-space EFS have performance limitations and do not provide support for file sharing, and kernel-space EFS are not portable and cannot be mounted by non-privileged users. Through this work, the design and implementation of user-space EFS using two approaches, one based on CFS and another based on EncFS, with performance improvements and file sharing support, have been presented. In the modified CFS approach, the Blowfish algorithm has been used instead of DES for improving performance. Blowfish gives higher performance than the DES, Triple DES and AES ciphers [11]. In the modified EncFS approach, the XTS (XEX-based Tweaked codebook mode with ciphertext Stealing) mode of the AES algorithm [12, 13] has been used for performance gain. EncFS uses CBC (Cipher Block Chaining) mode for file encryption with keyed hashes, like HMAC, for file integrity. In modified EncFS, XTS-AES itself provides more protection than CBC-AES against unauthorized manipulation of the encrypted data, thus curtailing the need for a separate integrity mechanism [14, 15]. Thus, XTS-AES mode is a suitable choice for encrypting data stored on hard disks where there is no additional space for an integrity field. It also provides random access to encrypted data. It can also be implemented as a parallel algorithm. A parallel implementation of the XTS-AES algorithm is 90 % more efficient than the serial algorithm [16]. In both the proposed approaches, file sharing support is provided by PKI integration and by performing encryption on a per-file basis, with cryptographic metadata stored as extended attributes in the file's ACL.

The rest of this paper is organized as follows. [...] operations taking place in modified CFS and EncFS respectively. Section V describes the implementation of the proposed designs. Section VI provides a performance comparison of both proposed approaches with existing user-space and kernel-space encrypting file systems. Section VII concludes the paper with identified future work.

II. MODIFIED ARCHITECTURES OF CFS AND ENCFS

The modifications made in the existing architectures of CFS and EncFS, for providing support for file sharing, are shown as dotted portions in Fig. 1 and Fig. 2, respectively. Existing CFS and EncFS perform encryption of entire directory contents with a single key, storing cryptographic metadata in special files in that directory, so file sharing is not possible in these systems. For multiuser file sharing support, modified CFS and modified EncFS perform encryption of each file with a different File Encryption Key (FEK) that itself is encrypted with the public keys of the users who are authorized to access that file. Public key cryptographic support is provided by the Pluggable Authentication Module (PAM) [1] and the GnuPG PKI module [17]. PAM provides a discretionary access control mechanism whereby the superuser can parameterize how a user is authenticated and what happens at the time of authentication. In both modified approaches, PAM captures the user's login passphrase and stores it in the session keyring. The GnuPG PKI module has been used to access the user's GnuPG keyring. The GnuPG keyring stores the public key and private key pair corresponding to all the users on the system. The GnuPG PKI module utilizes the user's login passphrase stored in the user's session keyring to decrypt and access the user's private key stored on the GnuPG keyring. It provides the user's private key and public key to the CFS daemon and EncFS daemon when the user logs in.
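
The per-file key scheme of Section II (one FEK per file, wrapped under the public key of each authorized user and kept in the file's extended-attribute metadata), as an added example that is not code from the paper or from CFS/EncFS. Assumptions: a hashed ElGamal wrap over a deliberately undersized prime field stands in for GnuPG public-key encryption, a dict stands in for the file's extended attributes, and the attribute name `user.efs.fek`, the JSON layout, the user names and all function names are hypothetical.

```python
import hashlib, json, secrets

# Assumption: toy 255-bit prime field, far too small for real keys. In the
# paper this public-key step is done by GnuPG with the user's keyring.
P, G = 2**255 - 19, 2
XATTR = "user.efs.fek"  # hypothetical extended-attribute name

def keygen():
    x = secrets.randbelow(P - 2) + 1          # private key
    return x, pow(G, x, P)                    # (private, public)

def _mask(shared):
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def wrap_fek(fek, pub):
    """Encrypt a 32-byte FEK to one public key (hashed ElGamal)."""
    y = secrets.randbelow(P - 2) + 1
    ct = bytes(a ^ b for a, b in zip(fek, _mask(pow(pub, y, P))))
    return {"eph": pow(G, y, P), "ct": ct.hex()}

def unwrap_fek(entry, priv):
    mask = _mask(pow(entry["eph"], priv, P))
    return bytes(a ^ b for a, b in zip(bytes.fromhex(entry["ct"]), mask))

def create_meta(owner, pubs):
    """New file: fresh FEK, wrapped only for the owner."""
    fek = secrets.token_bytes(32)
    return fek, {XATTR: json.dumps({owner: wrap_fek(fek, pubs[owner])})}

def share(xattrs, sharer, sharer_priv, recipient, pubs):
    """Grant access by adding one wrapped FEK; file data is not re-encrypted."""
    meta = json.loads(xattrs[XATTR])
    fek = unwrap_fek(meta[sharer], sharer_priv)
    meta[recipient] = wrap_fek(fek, pubs[recipient])
    xattrs[XATTR] = json.dumps(meta)

def open_fek(xattrs, user, priv):
    """What the daemon does on open(): find the user's entry and unwrap it."""
    meta = json.loads(xattrs[XATTR])
    if user not in meta:
        raise PermissionError(f"{user} has no wrapped FEK for this file")
    return unwrap_fek(meta[user], priv)

def demo():
    keys = {u: keygen() for u in ("alice", "bob", "carol")}  # constructed users
    pubs = {u: pub for u, (_, pub) in keys.items()}
    fek, xattrs = create_meta("alice", pubs)
    share(xattrs, "alice", keys["alice"][0], "bob", pubs)
    return fek, xattrs, keys
```

Removing a user's entry from the metadata only stops future unwraps; a user who has already recovered the FEK can still decrypt the file unless it is re-encrypted under a new FEK.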